If you are implementing a cryptographic scheme where you want to encrypt (handle data confidentially) and authenticate stuff (make sure data was not changed during transit + we can be sure who sent the data), you should first encrypt and then put a MAC (Message Authentication Code) on it.

This article explains why.